弹簧安全:实施JWT过滤器
登陆春季安全确实是一条艰难的道路。
我需要实施身份验证机制,以选择JWT令牌并提取身份验证。
确保我是否使用最佳方法来实施它真的很复杂。
我需要实现和jwtauthenticationFilter
问题:
- 为什么我需要从
basicAuthenticationFilter扩展?那里的所有示例都从它延伸到实现jwtauthenticationfilter!它与基本机制有什么关系? - 我也看到了
jwtauthorizationfilter。为什么...授权filter而不是... AuthenticationFilter?
要实现我的目标的最佳方法是哪种?
Landing on Spring security is really an stucky path.
I need to implement an authentication mechanism in order to pick jwt token and extract authentication.
It's really complicated to be sure whether I'm using best approach in order to implement it.
I need to implement and JWTAuthenticationFilter
Questions:
- Why do I need to extend from
BasicAuthenticationFilter? All exemples over there extends from it to implement aJWTAuthenticationFilter! What does it have to do with BASIC mechanism? - Also I saw over there
JWTAuthorizationFilter. Why...AuthorizationFilterinstead of...AuthenticationFilter?
Which is the best approach about to get my goal?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您无需为此提供自定义过滤器,可以使用
spring-security-oauth2-resource-server依赖关系和配置spring boot ,就像这样:通过这样做,Spring Security将转到Identity提供者并检索JWT键验证请求中提供的令牌。如果您需要自定义行为,则可以覆盖Spring Boot自动configuration,请参见文档。
You don't need to provide a custom filter for that, you can use
spring-security-oauth2-resource-serverdependency and configure Spring Boot, like so:By doing this, Spring Security will go to the identity provider and retrieve the JWT keys to validate the token provided in the request. If you need to customize the behavior you can override Spring Boot auto-configuration, see the documentation.